解决PuppetDB Failed to submit 'replace facts'问题
在升级了CentOS6.5后,系统一直运行正常,今天在尝试自动部署了一台新的Bootnode后,发现在运行puppet agent时,发生报错:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for bootnode.ustack.in to PuppetDB at bootnode.ustack.in:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server key exchange B: EC lib
查询puppetdb的日志:
014-01-07 09:11:45,138 WARN [qtp1031698099-150] [io.nio] javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
我先排除我所使用的软件版本:
Puppet版本是3.3.2
PuppetDB版本是1.5.0
错误来源于puppet master在向puppetdb执行replace facts操作时出现Fail。使用往常的经验对系统进行了排查,排除了证书问题,puppetdb配置问题。随后google到了puppet user ML。
找到了以下关键信息:
If your runnning jdk 6u26 or older you're probably hitting these bugs.
I had this same error with the OpenDJ LDAP server a few years back and
upgrading the JDK fixed it.
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6932403
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7025227
We're touching that code right now, as we're actually in the process of deprecating use of JDK 1.6 with PuppetDB.
查了一下系统中的Java jdk版本,果然是1.6。
[root@master ~]# yum list |grep jdk java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.65.1.11.13.el6_4 @sunfire java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.66.1.13.0.el6 base java-1.6.0-openjdk-demo.x86_64 1:1.6.0.0-1.66.1.13.0.el6 base java-1.6.0-openjdk-devel.x86_64 1:1.6.0.0-1.66.1.13.0.el6 base java-1.6.0-openjdk-javadoc.x86_64 1:1.6.0.0-1.66.1.13.0.el6 base java-1.6.0-openjdk-src.x86_64 1:1.6.0.0-1.66.1.13.0.el6 base java-1.7.0-openjdk.x86_64 1:1.7.0.45-2.4.3.3.el6 base java-1.7.0-openjdk-demo.x86_64 1:1.7.0.45-2.4.3.3.el6 base java-1.7.0-openjdk-devel.x86_64 1:1.7.0.45-2.4.3.3.el6 base java-1.7.0-openjdk-javadoc.noarch 1:1.7.0.45-2.4.3.3.el6 base java-1.7.0-openjdk-src.x86_64 1:1.7.0.45-2.4.3.3.el6 base
将其升级到1.7.0,并重启puppetdb,一切恢复正常。
None